Facebook BruteForcer

IMPORTANT: This program is for educational purposes only. Don't go around attacking people's Facebook accounts. If you want to break into someone's account, you must have the permission of the user. Otherwise you're breaking the law.

Today I had a couple of hours off, so I decided to write some nasty code. Not to mess with Facebook or someone else's account, but to test Facebook's security and to see what it takes to come up with a simple, custom-made bruteforcer.

It took me about an hour to develop a program which uses a dictionary file to find out the password of any given Facebook account using the brute force method.

Here is how it works:

Create HttpWebRequest

Set required browser headers so that both Facebook and the program will be happy

Create post data for HttpWebRequest using the dictionary file

Parse Facebook page response and add to output *

* See line 80 in frmMain.cs. It's very likely that you will have to modify this part of the code since Facebook page markup is updated frequently.

After three attempts, create a fake Hotmail account and try to log in (I thought I could prevent the session from locking out. Obviously I was mistaken)

A common attack method of gaining access to a login is the brute force attack. If you fail, you repeat. If the user has a weak password, you will eventually find it.

In secure systems if you make too many invalid login attempts, you get locked out.

It appears that Facebook extended this intelligently: if you make too many invalid login attempts, it doesn't just lock you out, it also redirects you to the password reset page.
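The lockout behaviour described above, sketched from the server's side as an added example (not the post's C# code and not Facebook's implementation): failures are counted per target account in a sliding window, so a successful login to a different account in between does not clear them. The class name, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failure counters keyed by target account and by source."""
    def __init__(self, max_failures=5, window=900, source_limit=25):
        # All three limits are assumed values for this sketch.
        self.max_failures = max_failures
        self.window = window                  # seconds
        self.source_limit = source_limit
        self.by_account = defaultdict(deque)  # account -> failure timestamps
        self.by_source = defaultdict(deque)   # source IP -> failure timestamps
        self.reset_required = set()           # accounts sent to password reset

    def _recent(self, q, now):
        # Drop failures that aged out of the window; return how many remain.
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def attempt(self, account, source, password_ok, now):
        """Return 'ok', 'denied', 'throttled' or 'reset_required'."""
        if account in self.reset_required:
            return "reset_required"           # even the right password is refused
        if self._recent(self.by_source[source], now) >= self.source_limit:
            return "throttled"                # one source guessing across accounts
        if password_ok:
            # Success clears only this account's counter, never the source's,
            # so logging in elsewhere does not erase earlier failures.
            self.by_account[account].clear()
            return "ok"
        self.by_account[account].append(now)
        self.by_source[source].append(now)
        if self._recent(self.by_account[account], now) >= self.max_failures:
            self.reset_required.add(account)
            return "reset_required"
        return "denied"

def replay(events, throttle=None):
    """Feed (time, account, source, password_ok) tuples; return the decisions."""
    throttle = throttle or LoginThrottle()
    return [throttle.attempt(acct, src, ok, t) for t, acct, src, ok in events]

# Constructed sample: three bad guesses, a successful login to an unrelated
# account, two more bad guesses, then the correct password for the target.
SRC = "203.0.113.7"
SAMPLE = [
    (0, "victim", SRC, False), (5, "victim", SRC, False), (10, "victim", SRC, False),
    (15, "decoy", SRC, True),
    (20, "victim", SRC, False), (25, "victim", SRC, False),
    (30, "victim", SRC, True),
]
```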

Still, here I stand with my simple custom-made bruteforcer. The program is written in C# and the source code is available for download. Since it's the first version and I didn't spend much time testing it, use it at your own risk.

Please remember that this program is for educational purposes only. Attempting to brute force the password would also result in a DoS (Denial of Service) event, which can possibly catch a system administrator's attention.